Event data source type configuration

To configure event collection from third-party devices, you need to complete configuration tasks on the third-party device, add a data source in the QRadar® product, and configure the connectors for the data source type. The key components that work together to collect events from third-party devices are data sources and data source types.

Data source type

A data source type is a code module that parses received events from multiple data sources and converts them to a standard taxonomy format that can be displayed as output. Each data source has a corresponding data source type. For example, a CrowdStrike data source type parses and normalizes events from a CrowdStrike data source.

You can configure the data source type in the QRadar product.

Third-party device installation process

To collect events from a third-party device, you must complete installation and configuration steps both on the data source device and in the QRadar product.

The following steps represent a typical installation process:
  1. Read the specific instructions for how to integrate your third-party device.
  2. Configure the third-party device to send events to the QRadar product. After some events are received, the product automatically detects the third-party device and creates a data source configuration. You can customize the information in the QRadar product's user interface. For more information, see Adding ingestion data sources.
  3. Add a data source. For more information, see Adding ingestion data sources.

For more information about adding or customizing a data source, see Adding ingestion data sources.

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.